For almost 10 years, I have been using Linux-based operating systems, so I know very well how giving root access to applications may be a security issue.

However, from my searches regarding Android, I have found the following information, relevant to this question:

If you root the device yourself, you generally install SuperSU too, which will ask you whether it should allow root access to applications when requested.

There is malware which can root a device from inside, and will use su without you ever knowing. I remember the first time I rooted a device, and it was an APK which would exploit security vulnerabilities.

So, taking into consideration the two presented points, in the case that malware is successful in rooting my device, and I don't have SuperSU installed, wouldn't my system be more vulnerable, since now any application can request root access without my knowledge?

1 Answer

Android doesn't have an su command like other Linux distros do. The su binaries we use on Android are added to /system (for pre-6.0 versions), and they are customized to work with the GUI application (such as SuperSU).

So when you run an application that wants to run as root, it sends out a call to the su binary. The binary checks the list generated by the GUI app to see if you have a preset choice for the application, such as allow, deny or prompt. If you don't have a preset choice for that specific app, then it checks your default choice and acts accordingly.

There isn't one universally accepted su binary. Any developer that develops apps like SuperSU or Superuser (GUI apps) crafts their own su binary in a way that it'll work with the GUI app.

So if malware flashes its own su binary, it will be customized so that it won't ask or notify you in any way, whether or not you were rooted before that.

You can check my other answers from here, here and here for extra information about root systematics of Android.
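
Added example (not part of the answer above, and not code from SuperSU or any other root manager): since a su binary that did not come from your root manager will not consult the manager's allow/deny list, one defensive check is to hash every su found in the usual locations and compare it with the hash of the su your manager installed. The directory list and the idea of pinning a SHA-256 are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit su binaries under a filesystem root.
# Assumption: these are the directories worth checking; extend as needed.
SU_DIRS="system/bin system/xbin sbin"

# audit_su ROOT EXPECTED_SHA256
#   ROOT     - filesystem root to inspect ("" for the live device root)
#   EXPECTED - SHA-256 of the su binary installed by your root manager
# Prints one line per su binary found.
# Returns 0 if every su found matches EXPECTED (or none exists),
# 1 if at least one su binary has a different hash.
audit_su() {
    root=$1
    expected=$2
    status=0
    for d in $SU_DIRS; do
        f="$root/$d/su"
        [ -f "$f" ] || continue
        hash=$(sha256sum "$f" | cut -d' ' -f1)
        if [ "$hash" = "$expected" ]; then
            echo "OK       $f"
        else
            # Not the manager's su: it may skip the allow/deny/prompt list.
            echo "UNKNOWN  $f ($hash)"
            status=1
        fi
    done
    return $status
}
```

On a device this would be called as `audit_su "" "$PINNED_HASH"` from a shell; a mismatch right after updating the root manager is expected and means the pinned hash needs refreshing.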